Not-A-Virus.Monitor.Win32.Ardamax.ae - Page 2

Question

crunchie 990 Most Valuable Poster

16 Years Ago

Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Make sure that you restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Post new HJT log.

crunchie 990 Most Valuable Poster

16 Years Ago

Try the solution found here.

crunchie 990 Most Valuable Poster

16 Years Ago

Try a scan at Kaspersky. Post the log. If that reveals nothing, then you may be up for a re-install :(.

crunchie 990 Most Valuable Poster

16 Years Ago

You are welcome :).

This thread is now closed. If you need it reopened, please send a PM to one of our Mods.

Include the link to the thread and detail why you need it reopened.

If this is not your thread please start a New Topic.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 1 · 2008-04-13T09:08:38+00:00

Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox, then click Finish.
Reboot and try again.

vidyaskandan 0 Light Poster · Answer 2 · 2008-04-13T09:39:57+00:00

Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox, then click Finish.
Reboot and try again.

Hi.. I tried that winsockfix another time and rebooted my system. Now it has started working. But sometimes it gives problem. Yesterday it worked for sometime. Gave some problem in between. And in the evening after i restarted it has started working. As of now everything is ok. Do i have to run LSP now?

vidyaskandan 0 Light Poster · Answer 3 · 2008-04-13T09:41:37+00:00

Download LSPfix from here
On the opening screen, click the "I know what I'm doing" checkbox, then click Finish.
Reboot and try again.

Hi.. I tried that winsockfix another time and rebooted my system. Now it has started working. But sometimes it gives problem. Yesterday it worked for sometime. Gave some problem in between. And in the evening after i restarted it has started working. As of now everything is ok. Do i have to run LSPfix now?

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 4 · 2008-04-13T09:51:58+00:00

If everything is ok, then do not worry about running LSP fix. If it plays up again, give it a try.

vidyaskandan 0 Light Poster · Answer 5 · 2008-04-13T09:54:36+00:00

vidyaskandan 0 Light Poster

16 Years Ago

Yeah sure. Thanks CRUNCHIE :)

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 6 · 2008-04-13T10:29:01+00:00

crunchie 990 Most Valuable Poster

16 Years Ago

No worries :)

vidyaskandan 0 Light Poster · Answer 7 · 2008-04-18T14:02:30+00:00

If everything is ok, then do not worry about running LSP fix. If it plays up again, give it a try.

Hi !

Still I have the same "server connection failed" problem. I tried LSPfix too but it says "No changes necessary" and showing 0(zero) entries removed in 4 items. What can i do next. Please help me out. :'(. If I use winsockfix then I am not able to even access websites, which is still worser.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 8 · 2008-04-18T15:21:22+00:00

Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
Reboot when done and see how things are now.

vidyaskandan 0 Light Poster · Answer 9 · 2008-04-19T21:48:35+00:00

Download Dial-a-Fix and run it. Select the 'Check all' (green arrow) and then hit 'GO.'
Reboot when done and see how things are now.

Hi Crunchie

Dial-a-Fix did it. Now my connection is perfect. Initially after running that messenger did not work. But I reinstalled it. And now all the server connections are working. Thanks a lot. Your help is appreciated

Thanks !! :cool: :icon_razz: :icon_smile: :)

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 10 · 2008-04-20T07:17:07+00:00

crunchie 990 Most Valuable Poster

16 Years Ago

I'm glad to hear it is fixed :). You are welcome.

vidyaskandan 0 Light Poster · Answer 11 · 2008-05-06T22:13:11+00:00

Hi.

As i have already mentioned above, my system seems to boot very slow and operations also little slow. But it was too good a few months before. I ran that ATF cleaner too. Its removing the cache but Im did not see any considerable change. My system is totally free from viruses, spywares and all. I have installed AVG and Mcafee and daily they are updated and no virus has been detected. But still my system is slow. Can you suggest me something. Please. !!

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 12 · 2008-05-07T03:00:48+00:00

Hi.
As i have already mentioned above, my system seems to boot very slow and operations also little slow. But it was too good a few months before. I ran that ATF cleaner too. Its removing the cache but Im did not see any considerable change. My system is totally free from viruses, spywares and all. I have installed AVG and Mcafee and daily they are updated and no virus has been detected. But still my system is slow. Can you suggest me something. Please. !!

Try defragmenting your drive and see how that goes.

vidyaskandan 0 Light Poster · Answer 13 · 2008-05-07T09:36:14+00:00

Hi. Defragment? But I dont know how to do. Sorry. Excuse me. I dont meddle much with those things. Can u please tell me how to do?

vidyaskandan 0 Light Poster · Answer 14 · 2008-05-07T09:56:13+00:00

I just made a quick look in google search about the defragmentation. But looks like it will take very long time to get it done !!! My hard disk capacity is 160GB. How long it will take. ? Around 80% of my disk is full. So I think it is recommended to do defragmentation. But please help me to do tat without causing any loss of file. Since i could not back such large amount of data up.

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 15 · 2008-05-07T16:22:46+00:00

Go to Start | All Programs | Accessories | System Tools and click on Disk Defragmenter and when it comes up, select the Defragment now option.
It is a perfectly safe operation. You would be best served to start it before retiring for the night just in case it takes a long time.

vidyaskandan 0 Light Poster · Answer 16 · 2008-05-11T10:32:49+00:00

Hi I did Defragmentation. It went on well without any problem. Thanks. But Sorry to say, still I didnt notice any considerable improvement in the performance of my system. Even now some of my windows applications take time to open (like Internet Explorer, MS Office applns and so on). Is there anything else to do for a better performance.. Please help me !!

crunchie 990 Most Valuable Poster Team Colleague Featured Poster · Answer 17 · 2008-05-11T15:39:09+00:00

I do not know what else to suggest for you :(. Perhaps some of our other knowledgeable members here have a suggestion.

vidyaskandan 0 Light Poster · Answer 18 · 2008-05-11T16:59:21+00:00

I do not know what else to suggest for you :(. Perhaps some of our other knowledgeable members here have a suggestion.

:-O Tats ok crunchie. Thanks a lot for all ur support. Will get back to u later if i get any problem. Thanks again

vidyaskandan 0 Light Poster · Answer 19 · 2008-08-24T14:00:28+00:00

Hello Sir,

I am back after a long time.. Recently I have a problem. When I do google search, I am not able to go access the search results. I am directed to some link related to "Antivirus 2009" when i click the search result. The link is
http://main-scanner.com/2009/9/_freescan.php?aid=880501

Its saying that my system is infected with sever spyware and asking me to install Antivirus 2009 software to remove those. I made a thorough scan using AVG and Mcafee. Results are clear.

Here I have attached the screen shot showing what I got after clicking on the search result link. Please help me to get rid of this.

vidyaskandan 0 Light Poster · Answer 20 · 2008-09-02T23:46:44+00:00

vidyaskandan 0 Light Poster

16 Years Ago

Hi Crunchie,

Actually before I get your reply i tried running combofix once. It deleted a few files automatically and after that my webpages are loading properly. Now I have a problem may be because of the previous infection. Now Im not able to install or uninstall anything. I could not install even this malwarebyte you have mentioned in the previous post. While uninstalling any application from Add or Remove programs im getting an error saying "Windows Installer service could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed."

But I downloaded the Windows Installer 3.1 from Microsoft website and installed. Even then im getting such error. Please Help me out. :( Im not able to access server connections too(like AVG automatic update, rapidshare downloads etc.) which is a similar problem that we were discussing about long back.

Now i post here my recent combofix and HJT log. Please review and solve this issue.

Thanks !!!

ComboFix.txt (13.79 KB)

The attachment preview is chopped off after the first 10 KB. Please download the entire file.

ComboFix 08-08-23.03 - computer 2008-09-02 22:44:28.13 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.588 [GMT 5.5:30]
Running from: C:\Documents and Settings\computer\Desktop\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\lsprst7.dll

.
(((((((((((((((((((((((((   Files Created from 2008-08-02 to 2008-09-02  )))))))))))))))))))))))))))))))
.

2015-08-11 13:12 . 2008-05-14 16:11	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2015-08-11 13:12 . 2006-09-06 17:43	536,888	--a------	C:\WINDOWS\system32\xmllitesetup.exe
2015-08-11 13:12 . 2006-06-29 08:05	23,552	--a------	C:\WINDOWS\system32\normaliz.dll
2015-08-11 13:12 . 2006-09-01 08:44	8,798	--a------	C:\WINDOWS\system32\icrav03.rat
2015-08-11 11:51 . 2008-09-02 14:41	116	--a------	C:\WINDOWS\NeroDigital.ini
2008-09-02 22:38 . 2008-09-02 22:39	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2008-08-23 17:04 . 2008-08-23 17:04	<DIR>	d--------	C:\Documents and Settings\computer\Application Data\Grisoft
2008-08-23 17:04 . 2007-05-30 17:40	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-08-23 07:16 . 2008-08-23 07:16	<DIR>	d--------	C:\WINDOWS\system32\xlib254.dll
2008-08-23 07:16 . 2008-08-23 07:16	<DIR>	d--------	C:\WINDOWS\system32\append.dll
2008-08-23 00:22 . 2008-08-23 00:56	<DIR>	d--------	C:\Program Files\WMR11
2008-08-22 23:27 . 2008-08-22 23:27	<DIR>	d--------	C:\Program Files\Amyuni PDF Converter
2008-08-22 23:27 . 2008-08-22 23:27	1,929,216	--a------	C:\WINDOWS\system32\cdintf250.dll
2008-08-07 14:18 . 2008-08-07 14:18	<DIR>	d--------	C:\Program Files\iTunes
2008-08-07 14:18 . 2008-08-07 14:18	<DIR>	d--------	C:\Program Files\iPod
2008-08-07 14:17 . 2008-08-07 14:17	<DIR>	d--------	C:\Program Files\QuickTime
2008-08-07 14:16 . 2008-08-07 14:16	<DIR>	d--------	C:\Program Files\Apple Software Update
2008-08-07 14:15 . 2008-08-07 14:15	<DIR>	d--------	C:\Program Files\Common Files\Apple
2008-08-07 14:15 . 2008-08-07 14:15	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 17:14	---------	d-----w	C:\Documents and Settings\computer\Application Data\DMCache
2008-09-02 06:00	---------	d-----w	C:\Documents and Settings\computer\Application Data\AVG7
2008-08-21 17:44	---------	d-----w	C:\Program Files\Focus MP3 Recorder Pro
2008-08-11 08:29	---------	d-----w	C:\Program Files\PDFCreator
2008-08-07 11:43	---------	d-----w	C:\Program Files\KStarSoft
2008-08-07 08:48	---------	d-----w	C:\Documents and Settings\computer\Application Data\Apple Computer
2008-08-07 08:48	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-14 14:02	---------	d-----w	C:\Program Files\Sun
2008-07-14 14:02	---------	d-----w	C:\Program Files\Java
2008-07-10 09:15	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-07-10 09:15	---------	d-----w	C:\Program Files\bsnl
2008-05-21 15:40	59,432	----a-w	C:\Documents and Settings\computer\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:30 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-25 12:21 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-25 12:21 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-25 12:21 131072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-08-05 13:20 180269]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe" [2001-03-22 20:48 192512]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-21 15:30 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-19 15:10 579584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-22 20:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 11:27 136768]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 20:42 116040]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 14:55 6731312]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-25 12:21 16132608 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-25 14:26 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli scecli scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\computer\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost Agent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoPowerOn]
--a------ 2007-07-10 22:01 2916352 C:\Program Files\PCZeitschaltuhr\AutoPowerOn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-08-29 19:49 2532784 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kural 3.0]
--a------ 2004-01-15 08:32 311296 C:\Program Files\KStarSoft\3.0\Kural.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 21:54 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-08-10 21:03 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 06:20 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"E:\\Games\\Heavy Metal\\fakk2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"84:TCP"= 84:TCP:VRS Recording System Web Control Panel
"81:TCP"= 81:TCP:Axon Web Server

R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~2\SHARED~1\LICENS~1\Intel\lmgrd.exe [2006-03-24 22:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22d5b662-c785-11dc-b038-001167558fc8}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2faa834e-7579-11dc-956b-0019d187a3cf}]
\Shell\Auto\command - G:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{683226a4-62f0-11dc-950f-0019d187a3cf}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell

HJT.txt (9.32 KB)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:53:12 PM, on 9/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~2\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\PROGRA~1\ANSYSI~2\SHARED~1\LICENS~1\Intel\lmgrd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\ANSYSI~2\SHARED~1\LICENS~1\Intel\ansyslmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb02.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87F1448D-FEB7-40C1-88DE-2F38F8E4B34B}: NameServer = 218.248.255.145,218.248.240.24
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~2\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: USBest Service Zero (UTSCSI) - USBest - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 9544 bytes

vidyaskandan 0 Light Poster · Answer 21 · 2008-09-05T00:26:52+00:00

Hi.

I installed the latest windows installer through this only. And now i tried both the methods mentioned there. But no change. Can u please suggest me something else to resolve this problem. Im not able to install or uninstall any software.:( Please. Early reply is solicited.

Thanks

vidyaskandan 0 Light Poster · Answer 22 · 2008-09-05T01:11:48+00:00

vidyaskandan 0 Light Poster

16 Years Ago

Hi. Im attaching the result file of Malwarebyte scan. Please review and comment

mbam-log-2008-09-05_(00-38-02).txt (1.52 KB)

Malwarebytes' Anti-Malware 1.26
Database version: 1113
Windows 5.1.2600 Service Pack 2

9/5/2008 12:38:02 AM
mbam-log-2008-09-05 (00-38-02).txt

Scan type: Quick Scan
Objects scanned: 48749
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.softomateurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.softomateurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> Quarantined and deleted successfully.

vidyaskandan 0 Light Poster · Answer 23 · 2008-09-10T21:18:26+00:00

Hi Crunchie

My problem is solved now. I made a scan via Kaspersky Online Scan. But my system is free from infections. The problem was with Windows Installer. It had corrupted I suppose and that caused the problem and prevented me from installing and uninstalling any application. I installed the latest Windows Installer 4.5. Now my system is alright. Also I was not able to see picasa album photos during that period. After I reinstall Internet Explorer 7.0, that problem has also been solved and my system is perfect. Thanks for all your supports.